Preview Tool

Cisco Bug: CSCuq55666 - [ENH]Cluster communication should not rely only on CBC ciphers

Last Modified

Dec 13, 2018

Products (1)

Cisco Email Security Appliance

Known Affected Releases

11.1.0-131 8.0.2-055 8.5.6-092 9.7.1-066

Description (partial)

Symptom:
With 3des-cbc or blowfish-cbc ciphers removed under sshconfig -> sshd ESAs will not be able to join cluster
Error presented: 'Unexpected EOF on connect'"
Conditions:
ESAs cannot join cluster if 3des-cbc or blowfish-cbc ciphers are removed from the list of SSH ciphers. Having this restriction, customer's vulnerability tests are failing due to CVE-2008-5161